10-22-2019 12:20 PM
If I am not wrong, the group policies are mapped to the connection profiles (tunnel-groups) and they are applied to the users based on the group they choose in the Cisco AnyConnect client software.
So what happens to the group policies which are not part of any tunnel-groups?
Why such a weird question? Because I found some group policies not being called in any tunnel-groups.
Does that mean these group policies are not being used at all? Or are they mapped to their respective "DEFAULT" tunnel-group type?
10-22-2019 12:36 PM
They could be left over from a previous configuration where they had an associated tunnel-group.
If no current tunnel-group specifies them they are likely extraneous and can be removed. (You cannot remove the default group policy, even if it's not currently used.)
10-22-2019 12:38 PM
10-29-2019 02:41 AM
Can you tell me if there are any links to this type of configuration, or how to check if the group policies are mapped to users?
10-29-2019 02:53 AM
Hi Alfred,
Group policies that are not attached to any tunnel-group will not be in use (you can delete them).
Users who do not match any tunnel-group will be assigned the DefaultWEBVPNGroup, which is mapped to the DfltGrpPolicy.
You can check which tunnel-group and group-policy each user is assigned by issuing this command from the CLI:
W01/pri/act# sh vpn-sessiondb anyconnect
Session Type: AnyConnect
Username : ar010 Index : 13412
Assigned IP : 10.0.15.142 Public IP : x.x.x.x
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES256
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1
Bytes Tx : 893560189 Bytes Rx : 272695893
Group Policy : GP-SSL-All Tunnel Group : TG-SSL-Internal
Please rate if answer is helpful.
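An added example, not part of the thread or of any Cisco tool: a Python script that lists group policies defined in a saved running-config but not referenced by any tunnel-group, and cross-checks them against `show vpn-sessiondb anyconnect` output. Both inputs are constructed samples; counting username-level `vpn-group-policy` references is an addition beyond what the thread covers, and policies assigned by an external AAA server would not appear in the config check.

```python
import re

# Constructed running-config excerpt (not from the thread); names are sample values.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ssl-client
group-policy GP-SSL-All internal
group-policy GP-SSL-All attributes
 vpn-tunnel-protocol ssl-client
group-policy GP-OLD-Vendor internal
group-policy GP-Admins internal
tunnel-group TG-SSL-Internal type remote-access
tunnel-group TG-SSL-Internal general-attributes
 default-group-policy GP-SSL-All
username jdoe attributes
 vpn-group-policy GP-Admins
"""

# Constructed "show vpn-sessiondb anyconnect" excerpt in the layout shown above.
SAMPLE_SESSIONS = """\
Username     : ar010                  Index        : 13412
Group Policy : GP-SSL-All             Tunnel Group : TG-SSL-Internal
"""

def audit_group_policies(config):
    """Return ({policy: [referencing config sections]}, [unreferenced policies])."""
    defined, refs, section = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line opens a new section
            section = line.strip()
            m = re.match(r"group-policy (\S+) (?:internal|external|attributes)", line)
            if m:
                defined.add(m.group(1))
            continue
        # Indented sub-commands that bind a policy to a tunnel-group or a local user
        m = re.match(r"\s+(?:default-group-policy|vpn-group-policy) (\S+)", line)
        if m:
            refs.setdefault(m.group(1), []).append(section)
    # The default policy cannot be removed, so never report it.
    unreferenced = sorted(defined - set(refs) - {"DfltGrpPolicy"})
    return refs, unreferenced

def active_policies(session_output):
    """Group policies assigned to currently connected sessions."""
    return set(re.findall(r"Group Policy\s*:\s*(\S+)", session_output))

if __name__ == "__main__":
    refs, unused = audit_group_policies(SAMPLE_CONFIG)
    live = active_policies(SAMPLE_SESSIONS)
    for name in unused:
        note = "but seen in a live session" if name in live else "no live sessions"
        print(f"{name}: not referenced in config ({note})")
```

An unreferenced policy that still shows up in live sessions is being assigned some other way and should not be deleted until that source is found.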